Jose Manuel Ortega - Ethical hacking with Python tools
[21 July 2016 / 2016-07-21]
[Bilbao, Euskadi, Spain]
Python, as well as offering an ecosystem of tools for testing security
and application pentesting.Python offers a tool ecosystem for
developing our own tools security for testing applications and the
servers security,identifying information about servers and potential
The ultimate objective is show a pentesting tool integrating some of
the modules commented and try a demo showing info about our domain
target and find vulnerabilities in it,
Nowdays, Python is the language more used for developing tools within
the field of security. Many of the tools can be found today as port
scanner, vulnerability analysis, brute force attacks and hacking of
passwords are written in python. The goal of the talk would show the
tools available within the Python API and third-party modules for
developing our own pentesting and security tools and finally show a
pentesting tool integrating some of the modules.
The main topics of the talk could include:
**1.Enter Python language as platform for developing security tools**
Introduction about the main libraries we can use for introducing in
development of security tools such as socket and requests.
**2.Libraries for obtain servers information such as Shodan,
Shodan is a search engine that lets you find specific computers
(routers, servers, etc.) and get information about ports and services
that are opened.
**3.Analysis and metadata extraction in Python for images and documents**
Show tools for scraping web data and obtain metadata information in
documents and images
**4.Port scanning with tools like python-nmap**
With python-nmap module we can check ports open for a target ip or domain.
**5.Check vulnerabilities in FTP and SSH servers**
With libraries like ftplib and paramiko we can check if the server is
vulnerable to ftp and ssh anonymous connections.